May Recap: New AWS Privileged Permissions and Services


May’s new AWS permissions span compute networking, genomics pipelines, container orchestration, and external AI platforms. The service categories are varied, but the risk pattern is consistent.

The central theme for May is infrastructure hijacking. These permissions share a common attack path: each one extends the reach of attacker-controlled infrastructure, replaces legitimate workloads with arbitrary ones, or permanently destroys resources that security teams depend on. The ECS daemon permissions are particularly notable. Four permissions working in sequence (register a task definition, create a daemon from it, update a running daemon to point at it, delete the daemon afterwards) cover the full lifecycle of cluster-wide workload control. Any identity holding this combination can deploy, redirect, and then erase evidence of malicious execution across an entire container fleet. The most direct control is to ensure those permissions never coexist in the same identity; in particular, the register permission and either deploy permission (create or update) together are already enough to run arbitrary containers fleet-wide, so that pair is the minimum combination to break.
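The register, deploy, delete chain described above, written as a detection over CloudTrail. This is an added example, not code from the post or from Sonrai Security. It assumes that ECS API calls land in CloudTrail with eventSource "ecs.amazonaws.com" and an eventName equal to the API name as listed in the post, that the acting principal is userIdentity.arn, and that the request parameter names (cluster, family) and the one-hour window are illustrative choices. The log records are constructed for this example.

```python
"""Detect the ECS daemon lifecycle chain (register -> deploy -> delete) in CloudTrail.

Added example, not code from the post or from Sonrai Security. Assumptions:
ECS API calls appear in CloudTrail with eventSource "ecs.amazonaws.com" and an
eventName equal to the API name listed in the post; the acting principal is
userIdentity.arn; requestParameters field names and the one-hour window are
illustrative. The records in SAMPLE_LOG are constructed for this example.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Each daemon API mapped to its stage in the chain. Create and Update are both
# "deploy": either one puts the registered task definition on every instance.
STAGES = {
    "RegisterDaemonTaskDefinition": "register",
    "CreateDaemon": "deploy",
    "UpdateDaemon": "deploy",
    "DeleteDaemon": "erase",
}
WINDOW = timedelta(hours=1)  # assumed tuning value


def parse_event(line: str):
    """Return a compact event for daemon API calls, None for anything else."""
    ev = json.loads(line)
    if ev.get("eventSource") != "ecs.amazonaws.com":
        return None
    stage = STAGES.get(ev.get("eventName"))
    if stage is None:
        return None
    when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    identity = ev.get("userIdentity", {})
    return {
        "principal": identity.get("arn", identity.get("type")),
        "name": ev["eventName"],
        "stage": stage,
        "time": when,
        "cluster": (ev.get("requestParameters") or {}).get("cluster"),
    }


def detect_chains(lines):
    """One finding per RegisterDaemonTaskDefinition that the same principal follows
    with a deploy call inside WINDOW; severity is 'high' when DeleteDaemon follows
    the deploy (the erase step of the lifecycle), 'medium' otherwise."""
    by_principal = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev:
            by_principal[ev["principal"]].append(ev)

    findings = []
    for principal, events in by_principal.items():
        events.sort(key=lambda e: e["time"])
        for reg in (e for e in events if e["stage"] == "register"):
            later = [e for e in events if reg["time"] <= e["time"] <= reg["time"] + WINDOW]
            deploys = [e for e in later if e["stage"] == "deploy"]
            if not deploys:
                continue
            erased = any(e["stage"] == "erase" and e["time"] >= deploys[0]["time"] for e in later)
            findings.append({
                "principal": principal,
                "cluster": deploys[0]["cluster"],
                "calls": [reg["name"]] + [e["name"] for e in later if e["stage"] != "register"],
                "severity": "high" if erased else "medium",
            })
    return findings


# Constructed sample records (not from any real account).
_ATTACKER = {"type": "AssumedRole",
             "arn": "arn:aws:sts::111122223333:assumed-role/ci-deployer/build-7"}
_OPERATOR = {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/platform-ops"}
SAMPLE_LOG = [
    # Attacker-held role: register, deploy, then delete the daemon 35 minutes later.
    {"eventTime": "2025-05-14T10:00:12Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "RegisterDaemonTaskDefinition", "userIdentity": _ATTACKER,
     "requestParameters": {"family": "node-agent"}},
    {"eventTime": "2025-05-14T10:03:40Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "CreateDaemon", "userIdentity": _ATTACKER,
     "requestParameters": {"cluster": "prod-web", "family": "node-agent"}},
    {"eventTime": "2025-05-14T10:38:05Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "DeleteDaemon", "userIdentity": _ATTACKER,
     "requestParameters": {"cluster": "prod-web"}},
    # Legitimate operator: only updates an existing daemon, never registers one.
    {"eventTime": "2025-05-14T10:10:00Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "UpdateDaemon", "userIdentity": _OPERATOR,
     "requestParameters": {"cluster": "prod-web"}},
    # Unrelated ECS read call and a non-ECS event, both ignored by the parser.
    {"eventTime": "2025-05-14T10:11:00Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "DescribeClusters", "userIdentity": _OPERATOR},
    {"eventTime": "2025-05-14T10:12:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "userIdentity": _OPERATOR},
]
SAMPLE_LINES = [json.dumps(r) for r in SAMPLE_LOG]

if __name__ == "__main__":
    for f in detect_chains(SAMPLE_LINES):
        print(f["severity"], f["principal"], f["cluster"], " -> ".join(f["calls"]))
```

The operator's lone UpdateDaemon produces no finding because the detector keys on a RegisterDaemonTaskDefinition by the same principal first; an update that swaps an existing daemon to a task definition registered by a different identity is the case this rule misses, and is worth a separate rule that joins on the task definition ARN once the real event schema is known.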

Existing Services with New Privileged Permissions

Amazon EC2

Service Type: Compute Services

Permission: ec2:CreateSecondaryNetwork

  • Action: Grants permission to create a secondary network
  • MITRE Tactic: Resource Development
  • Why it’s privileged: Creates an additional network interface or subnet attachment within an EC2 environment. A secondary network can route traffic outside established monitoring boundaries, establish lateral movement paths to otherwise isolated segments, or support infrastructure staging that bypasses existing network controls.

AWS HealthOmics

Service Type: Data and Analytics

Permission: omics:CreateConfiguration

  • Action: Grants permission to create a new configuration
  • MITRE Tactic: Defense Evasion
  • Why it’s privileged: Configurations are referenced by name in HealthOmics runs. Creating a new configuration under an existing name, with a different VPC definition, redirects any automated runs that reference that name into an attacker-controlled network. The run itself is not modified, so controls that watch only the run definition see no change; the configuration API is the place to watch.

Amazon Elastic Container Service

Service Type: Containers and Orchestration

Permission: ecs:CreateDaemon

  • Action: Grants permission to create a new daemon in a specified cluster
  • MITRE Tactic: Execution
  • Why it’s privileged: Associates a task definition with a capacity provider, deploying the daemon across every container instance managed by that provider. Combined with ecs:RegisterDaemonTaskDefinition, this grants the ability to run arbitrary containers on arbitrary ECS instances across the cluster, creating a direct path for workload injection such as cryptomining or other malicious executables at scale.

Permission: ecs:RegisterDaemonTaskDefinition

  • Action: Grants permission to register a new daemon task definition from the supplied family and container definitions
  • MITRE Tactic: Execution
  • Why it’s privileged: Defines the container image, commands, and task execution role for a daemon. On its own the registration does nothing until a daemon references it; combined with ecs:CreateDaemon, it runs arbitrary code across every instance in a cluster, with access to any permissions held by the role attached to the task definition.

Permission: ecs:UpdateDaemon

  • Action: Grants permission to modify the parameters of a daemon
  • MITRE Tactic: Execution
  • Why it’s privileged: Redirects a running daemon to a different task definition across every container instance in the cluster. Combined with ecs:RegisterDaemonTaskDefinition, this replaces legitimate workloads with arbitrary containers at scale without redeploying the daemon.

Permission: ecs:DeleteDaemon

  • Action: Grants permission to delete a specified daemon within a cluster
  • MITRE Tactic: Defense Evasion
  • Why it’s privileged: Removes security, observability, or networking agents deployed across ECS managed instances, disabling monitoring and detection before further attack activity. It is also the cleanup step at the end of the lifecycle: deleting a malicious daemon removes the running workload from every instance once it has served its purpose.
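The check that the four permissions above never coexist in one identity can be done statically against policy documents. The following is an added example, not code from the post or from Sonrai Security. It evaluates only the Effect, Action and NotAction fields of an identity policy with IAM's action-matching rules (case-insensitive, `*` and `?` wildcards, explicit Deny overriding Allow); Conditions, Resource scoping, permission boundaries and SCPs are out of scope, so a clean result is necessary but not sufficient. The action names are the ones the post lists, and the sample policies are constructed for the example.

```python
"""Static check for the ECS daemon toxic combination in IAM policy documents.

Added example, not code from the post or from Sonrai Security. Evaluates only
Effect/Action/NotAction with IAM's action-matching rules (case-insensitive,
'*' and '?' wildcards) and explicit Deny overriding Allow. Conditions, Resource
scoping, permission boundaries and SCPs are ignored, so a 'clean' result is
necessary, not sufficient. Sample policies below are constructed.
"""
import json
import re

DAEMON_ACTIONS = frozenset({
    "ecs:RegisterDaemonTaskDefinition",
    "ecs:CreateDaemon",
    "ecs:UpdateDaemon",
    "ecs:DeleteDaemon",
})

# Register plus either deploy verb is enough to run arbitrary containers
# fleet-wide; all four together is the full deploy/redirect/erase lifecycle.
TOXIC_COMBINATIONS = (
    frozenset({"ecs:RegisterDaemonTaskDefinition", "ecs:CreateDaemon"}),
    frozenset({"ecs:RegisterDaemonTaskDefinition", "ecs:UpdateDaemon"}),
    DAEMON_ACTIONS,
)


def action_matches(pattern: str, action: str) -> bool:
    """IAM action matching: case-insensitive, '*' matches any run, '?' one char."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def _listify(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _statement_actions(stmt: dict) -> set:
    """Daemon actions a single statement addresses, honouring NotAction."""
    if "Action" in stmt:
        patterns = _listify(stmt["Action"])
        return {a for a in DAEMON_ACTIONS
                if any(action_matches(p, a) for p in patterns)}
    if "NotAction" in stmt:
        patterns = _listify(stmt["NotAction"])
        return {a for a in DAEMON_ACTIONS
                if not any(action_matches(p, a) for p in patterns)}
    return set()


def granted_daemon_actions(policy: dict) -> set:
    """Daemon actions the policy allows after explicit Deny statements are removed."""
    allowed, denied = set(), set()
    for stmt in _listify(policy.get("Statement")):
        if stmt.get("Effect") == "Allow":
            allowed |= _statement_actions(stmt)
        elif stmt.get("Effect") == "Deny":
            denied |= _statement_actions(stmt)
    return allowed - denied


def toxic_combinations(policy: dict) -> list:
    """Sorted action lists for every toxic combination the policy grants."""
    granted = granted_daemon_actions(policy)
    return [sorted(combo) for combo in TOXIC_COMBINATIONS if combo <= granted]


# Constructed sample policies (not taken from any real account).
# Looks narrow, but the verb wildcards cover both halves of the toxic pair.
WILDCARD_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
                 "Action": ["ecs:Register*", "ecs:Create*", "ecs:Describe*"],
                 "Resource": "*"}]
}""")

# Broad ECS access with the daemon lifecycle carved out by an explicit Deny.
DENY_CARVEOUT_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "ecs:*", "Resource": "*"},
    {"Effect": "Deny",
     "Action": ["ecs:*Daemon", "ecs:RegisterDaemonTaskDefinition"],
     "Resource": "*"}
  ]
}""")

# NotAction grants everything except IAM, which includes all four daemon actions.
NOTACTION_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]
}""")

if __name__ == "__main__":
    for name, policy in [("wildcard", WILDCARD_POLICY),
                         ("deny-carveout", DENY_CARVEOUT_POLICY),
                         ("notaction", NOTACTION_POLICY)]:
        print(name, toxic_combinations(policy) or "no toxic combination")
```

The wildcard and NotAction cases are the ones that slip past a grep for the literal action names: neither policy mentions `ecs:CreateDaemon`, yet both grant it. In a real account the policy documents would come from the IAM API (attached and inline policies for each role and user) and the result would be joined with the trust policies to see who can reach each role.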

New Services with Privileged Permissions

Claude Platform on AWS

Service Type: Artificial Intelligence & Machine Learning

Permission: aws-external-anthropic:ArchiveWorkspace

  • Action: Grants permission to archive a workspace
  • MITRE Tactic: Impact
  • Why it’s privileged: Permanently destroys all workspace-scoped resources, including agents, credential vaults, skills, and sessions. Despite the “archive” label, the action is irreversible, making it functionally equivalent to deletion at the workspace level.


Conclusion

May’s additions follow a pattern that extends beyond any single service. Privileged permissions are appearing in container orchestration layers, genomics pipeline configurations, and now external AI platforms, each carrying the ability to redirect infrastructure, inject workloads, or permanently destroy operational resources.

Sonrai Security’s Cloud Permissions Firewall tracks these permissions as they are released, maps them to the MITRE ATT&CK framework, and controls them before they become a breach. When four permissions in sequence give an attacker full control of a container fleet, least privilege is not a configuration task. It is the primary control standing between your cluster and an attacker with a cryptominer.